Channels

Services

Fix Pack eliminates vulnerabilities in IBM’s Lotus Domino

IBM has released Fix Pack 2 for Lotus Domino 7.0.2 to eliminate a bug which allows database managers to exploit a vulnerability in agent signature verification to gain administrative privileges on the server. According to IBM’s security advisory on this issue, an attacker must, however, fulfil certain additional conditions to exploit this vulnerability successfully.

Fix Pack 2 eliminates this bug, and the forthcoming Lotus Domino 7.0.3 version will no longer contain this vulnerability.

Fix Pack 2 also removes a DoS vulnerability in Lotus Domino 7.0.2: Accessing certain URLs can cause a Lotus® Domino® Web Server to crash. Lotus Domino 6.5.6. is also affected by this vulnerability, for which a fix is provided with Fix Pack 3.